| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2025-64671 | GitHub Copilot for Jetbrains Remote Code Execution Vulnerability | GitHub | Informative | 06-01-2026 |
Technical Information
An unauthenticated attacker can exploit a command injection vulnerability to execute arbitrary code locally by injecting malicious commands through untrusted files or MCP servers when user’s terminal auto-approve is enabled.
Patch release date: Dec 08, 2025
Further information on this vulnerability is available at : CVE-2025-64671